Meeting minutes
https://
<jeffh> https://
tony: this is associated with #1510, look at this.
https://
tony: I don't think this warrants a change; other opinions?
akshay: I have to finish reading, but this UV options we have are not per-cred basis in get assertion
… he seems to be proposing do the credential thing first, but can't release the U2F cred
… I don't think this changes anything from the spec perspective.
JeffH: our thought was there is a mis-understanding.
… we were going to try and clarify.
tony: he has a PR, should we undertake this in CR
jeffH: no
akshay: no
tony: so no editorial chang for CR
jeffH: I have not gone through this with a fine tooth comb
tony: so you think this is not warranted for CR
jeffH: given pushback from Shane, Emil....
Shane: it's a very wordy description of the problem. I'm struggling with the description
… the user experience and scenario
… I am re-reading it
… initially I thought it was a misconception binding vs. ceremony
jeffH: he wrote a long blog post to go with it. I have not read that yet.
shane: need to do this before we take it on.
elundberg: I don't think we need any normative changes now
… he proposed a technical change.
… I don't see change for CR
… probably solved bypass cred protect in CTAP
jbradley: I think he thinks web authn works in a different way than it does
… we have looked at user verificaiton. don't think we can do it for L2
tonhy: but is this a web auth or ctap issue
jbradley: i don't think that it is CTAP
… is user verified preferred the best wording, we need RPs to understand/enforce this
… people are getting confused, can we solve that editorially
… but not something we can do in Level 2
… sites that don't check at all end up with UX that can confuse people
akshay: it's not a spec issue
elundberg: default is a spec issue.
jbradly: this comes up every other week. was pin in,
… maybe not have default prompt user for PIN when there isn't one.
akshay: I don't think this is a spec issue.
jeffH: lets not do anything for this issue for Level 2, clarify in adoption issues
… maybe make an editorial update in L3 and straighten it out.
tony: give one extra week to look at this
jeffH: other methods to get adoption issues out.
nickS: I need to find the time to look closer at it
tony: make a decision next week. That sound OK.
jeffH: that sounds good.
<jeffh> https://
tony: this is all out of scope
<jeffh> Denis Pinkas' comments on webauthn L2 CR
tony: some of this will be taken on in Level 3
tony: put this off - define authenticator more thoroughly
elunberg: not sure we need a definition in the definition section.
jeffH: only used in section 11
… northing to do for L2
lookin at email https://
gong through numbered sections
jeffH: in item 6 something to fix. 13.4 is not appearing in spec
elundberg: was there any content?
jeffH: thought we had some; can't find it now
jeffH: there is no content here.
tony: is this something to work on?
jeffh: editorial, we should clean it up.
jbradley: gete rid of section numbers or come up with some text.
jeffH: look back at this and see if something was deleted.
jeffH: I will submit an issu
… issu
… issue
tony: number 7 in this list?
elundberg: I will open an issue for this
tnoy: anything else
… next week we will figure out #1547
… should not do fix for L2
… reach out and see if he wants to join, but this is a normative change
tony: I will reach out
… group seems to be saying we won't take his approach to fix this - so no IPR issue.